Sounds like the packets are not getting directed to the traffic_server
process. I assume that you have set up the iptables, ebtables, ip
routes, and ip rules described in the document you reference.
You can see if your iptables rules are being triggered by running
iptables -t mangle -L -v
This shows the number of packets that have triggered each rule. If your
tproxy rules have zero packets hitting, then you have a problem.
Similarly, the following command shows the command count for the ebtables
ebtables -t broute -L --Lc
In addition to the documentation, you might want to take a look at this
shell script,
http://network-geographics.com/assets/docs/acna-universal.sh, as a
successful example.
On 8/11/2015 9:08 PM, Wayne Zhang wrote:
I tried reinstalling it into /opt/ts and start it by "sudo", the
permission error disappeared, but the problem (http visiting gets
timeout) remained.
Wireshark on client PC showed that it didn't receive the SYN/ACK packet.
2015-08-11 21:35 GMT+08:00 Susan Hinrichs
<[email protected]
<mailto:[email protected]>>:
Are you starting traffic manager as a privileged user? Sounds
like a permission error.
On 8/10/2015 9:37 PM, Wayne Zhang wrote:
Hi.
I followed the steps strictly from the official documents here :
http://trafficserver.readthedocs.org/en/latest/admin/transparent-proxy/bridge.en.html#inline-on-a-linux-bridge
the source code version is 5.3.1.
my linux kernel is 3.8.0-44, and I checked that the xt_TPROXY
model was loaded after executing iptables command.
config.log shows getting the right value 19.
then the Linux ethernet bridge works well, *every app on the
client PC can access the internet but the browser visiting http
websites always gets timeout (https is ok)*.
the 3 processes traffic_cop, traffic_manager and traffic_server
can be seen using "ps aux".
there is no access log file squid.log in the log path.
and the Wireshark on the PC using as bridge can not find any
interfaces in this situation.
I tried to change the value of proxy.config.http.server_ports
from the default 8080 to "8080:ipv4:tr-full", then I got error
"Unable to set transparent socket option operation not
permitted", and only one process traffic_cop remained.
How to fix this ? Thanks in advance.
